Latest version. We've tried every kind of key/certificate and nothing works with WinSCP. We've tried private/public (PEM), private/certificate (PEM), OpenSSH, non-OpenSSH, PuTTYgen, Keystore Explorer, Java. The only thing we could get to work was a very old expired certificate (in private key / certificate PEM format). Nothing new works. WinSCP either doesn't accept the file at all or you get disconnected from the server with "SSL3 alert read: fatal certificate unknown". Our keys and certs work with other clients to the same server. Even the bundled PuTTYgen does not generate files that WinSCP can use.
I think WinSCP is not handling SSL certificates correctly. You need to use standard X.509 certificates, in standard file formats, and WinSCP should not require that they be signed. That's up to the server. And you need to be able to enter a password/passphrase for some files formats. And SSL/TLS requires that you have both your private key and your public certificate to encrypt. WinSCP has no place to specify a private key!
It was working in previous versions.